Definitions
Computer security
Accreditation is
“the authorization and approval, granted by a designated authority to a data processing system, computer network, organization, or individual, to process sensitive information or data.”[1]
“[t]he official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.”[2]
“[t]he formal certification by a Cognizant Security Authority that a facility, designated area, or information system has met Director of National Intelligence (DNI) security standards for handling, processing, discussing, disseminating or storing Sensitive Compartmented Information.”[3]
Critical infrastructure
Accreditation is
“[a] program that ensures that Federal (including DHS), State, and local government entities have a clear understanding of, and are monitored in, their handling, use, dissemination and safeguarding of Protected Critical Infrastructure Information (PCII). The PCII accreditation program:”
Information technology
Accreditation is "a formal authorization by management for the system to process information."[5]
Accreditation is
“the official management authorization to operate an AIS or network: (1) in a particular security mode; (2) with a prescribed set of administrative, environmental, and technical security safeguards; (3) against a defined threat and with stated vulnerabilities and countermeasures; (4) in a given operational environment; (5) under a stated operational concept; (6) with stated interconnections to other AISs or networks; and (7) at an acceptable level of risk for which the accrediting authority has formally assumed responsibility.”[6]
General
Accreditation is "approval given to an organization for performing specific functions after it has met defined requirements."[7]
References
1. Telecom Glossary 2007.
2. NIST Special Publication 800-53; NIST, FIPS 200.
3. Intelligence Community Standard 700-01, at 2.
4. Protected Critical Infrastructure Information Program Procedures Manual, at App. 2-1.
5. Information Management: Challenges in Implementing an Electronic Records Archive, at 12.
6. Security Policy for Uniform Protection of Intelligence Processed in Automated Information Systems and Networks, at §3.a.
7. DHS Lexicon Terms and Definitions, at 9.